How to Use the Command 'query' (with examples)
- Windows
- December 17, 2024
The query command is a versatile utility within Windows Server that provides administrators with details about user sessions and running processes. This command is highly useful for managing and overseeing system resources and user activities in both local and remote computer environments. Its several functionalities make it an indispensable tool for system administrators who need to monitor system usage and status.
Use Case 1: Display All User Sessions
Code:
query session
Motivation:
Understanding all user sessions on a server is crucial for administrators who need to manage multiple users accessing a system. This functionality can be particularly useful during high traffic periods or when troubleshooting issues related to user logins or resource utilization.
Explanation:
The command query session is straightforward and requires no additional arguments. It provides a comprehensive list of all current user sessions on the local machine, detailing session names, user IDs, states, types, and device names. This is a quick way to get an overview of the active users on a system.
Example Output:
 SESSIONNAME       USERNAME          ID  STATE   TYPE    DEVICE
>console           JohnDoe            1  Active  wdcon
 rdp-tcp#1         JaneDoe            3  Active  rdpwd
Use Case 2: Display the Current User Sessions on a Remote Computer
Code:
query session /server:hostname
Motivation:
By providing the ability to query sessions on a remote computer, administrators can manage multiple systems from a single location. This is especially helpful in server rooms or data centers where physical access to each machine can be cumbersome or impractical. It allows IT departments to efficiently monitor and aid in remote system management.
Explanation:
This command extends the basic query session capability by adding the /server:hostname argument. Replace hostname with the domain name or IP address of the remote computer you wish to query. This instructs the command to retrieve session information from the specified remote host.
Example Output:
 SESSIONNAME       USERNAME          ID  STATE   TYPE    DEVICE
 rdp-tcp#2         Admin              5  Active  rdpwd
>rdp-tcp#3         RemoteUser         7  Active  rdpwd
Use Case 3: Display Logged in Users
Code:
query user
Motivation:
Monitoring logged-in users is an essential task for securing systems against unauthorized access and managing current user loads. By listing all logged-in users, an administrator can take quick action if an unknown or suspicious user is detected.
Explanation:
The query user command returns a list of all users currently logged into the system. This includes details such as user names, session IDs, and session status. This command is similar to query session but focuses specifically on user accounts rather than sessions as a whole.
Example Output:
 USERNAME          SESSIONNAME       ID  STATE   IDLE TIME  LOGON TIME
 JohnDoe           console            1  Active  none       10/23/2023 08:40
 JaneDoe           rdp-tcp#1          3  Active  14:15      10/23/2023 09:00
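The check described in the Motivation above, as an added PowerShell example that is not part of the original article: it turns query user output into objects and flags accounts outside an expected list, plus sessions left disconnected. The sample output, the account names in $expected, and the function name ConvertFrom-QueryUser are constructed for illustration.

```powershell
# Added example, not from the original page. $sample is constructed output in
# the `query user` layout; on a live host use:  $lines = query user 2>$null
$sample = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>johndoe               console             1  Active      none   10/23/2023 08:40
 janedoe               rdp-tcp#1           3  Active      14:15  10/23/2023 09:00
 svc-backup                                4  Disc      1+02:10  10/22/2023 23:55
'@
$lines = $sample -split "`r?`n"

# Assumption: accounts expected to hold interactive sessions on this host.
$expected = @('johndoe', 'janedoe')

# SESSIONNAME is blank for disconnected sessions, so splitting on whitespace
# shifts every later column. Make only that field optional in the pattern.
$pattern = '^(?<cur>[ >])(?<user>\S+)\s+(?:(?<session>\S+)\s+)?(?<id>\d+)\s+' +
           '(?<state>\S+)\s+(?<idle>\S+)\s+(?<logon>.+)$'

function ConvertFrom-QueryUser {
    param([string[]]$Lines, [string]$Pattern)
    foreach ($line in $Lines | Select-Object -Skip 1) {   # skip header row
        if ($line -match $Pattern) {
            [pscustomobject]@{
                UserName    = $Matches['user']
                SessionName = $Matches['session']          # $null when blank
                Id          = [int]$Matches['id']
                State       = $Matches['state']
                IdleTime    = $Matches['idle']
                LogonTime   = $Matches['logon'].Trim()
                IsCurrent   = $Matches['cur'] -eq '>'      # row of the caller
            }
        }
    }
}

$sessions = ConvertFrom-QueryUser -Lines $lines -Pattern $pattern

# Flag accounts outside the expected list and sessions left disconnected.
$sessions | ForEach-Object {
    $flags = @()
    if ($_.UserName -notin $expected) { $flags += 'unexpected-account' }
    if ($_.State -eq 'Disc')          { $flags += 'disconnected' }
    $_ | Add-Member -NotePropertyName Flags -NotePropertyValue ($flags -join ',') -PassThru
} | Format-Table UserName, SessionName, Id, State, IdleTime, Flags -AutoSize
```

The same pattern applies to output collected with the /server:hostname argument, since the column layout is identical.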
Use Case 4: Display All User Sessions on a Remote Computer
Code:
query session /server:hostname
Motivation:
Ensuring that you can view all user sessions on a remote machine helps in managing remote access infrastructures effectively. This use case supports large organizations where remote workstations or terminal servers need regular checks without physical access requirements.
Explanation:
Similar to Use Case 2, this command uses the /server:hostname argument, replacing hostname with the IP address or name of the server you need to query. It lists session details, making it straightforward to manage users and their activities on the specified remote computer.
Example Output:
 SESSIONNAME       USERNAME          ID  STATE   TYPE    DEVICE
 session3          MarySmith         10  Active  rdpwd
>rdp-tcp#4         ChrisJones        12  Active  rdpwd
Use Case 5: Display All Running Processes
Code:
query process
Motivation:
Knowing what processes are currently running on a system is vital for performance monitoring and troubleshooting. This command is invaluable for diagnosing system slowdowns or identifying potentially harmful processes running without authorization.
Explanation:
The query process command outputs a detailed list of all processes currently executing on the local system. The list includes process IDs, session IDs, and names, giving a complete picture of the system’s current operational state.
Example Output:
USER PROCESS PID SESSIONNAME SESSION MEM USAGE
JohnDoe 1029 console 1 98,000 K
JaneDoe 2045 rdp-tcp#1 3 72,000 K
Use Case 6: Display Running Processes by Session or User Name
Code:
query process session_name|user_name
Motivation:
Sometimes, it is necessary to focus on processes specific to a session or a user, especially when diagnosing performance issues or security concerns related to a particular user or session. This targeting helps in quick identification and resolution of issues.
Explanation:
This iteration of the query process command allows you to filter processes by a specific session or user. If you replace session_name|user_name with either the session name or the user’s name, the command will return only those processes related to the specified session or user. This targeted approach enhances the efficiency of system administration tasks.
Example Output:
USER PROCESS PID SESSIONNAME SESSION MEM USAGE
JaneDoe 2045 rdp-tcp#1 3 72,000 K
Conclusion:
The query command provides a robust set of tools for system administrators, offering deep insights into user sessions and system processes both locally and remotely. Each use case presented here underscores the command’s utility in varying administrative scenarios, aiding in efficient and secure system management.